Index: doc/cryptography.html ================================================================== --- doc/cryptography.html +++ doc/cryptography.html @@ -204,13 +204,14 @@
-length integer
-size integer
-
Set the output hash or KDF length in bytes. Used by KDFs, KMAC128, and - KMAC256 to specify an output length in bytes. The default size - for KMAC128 is 32 bytes and KMAC256 is 64 bytes.
+
Set the output length in bytes. Used by KDFs, KMAC128 and KMAC256 MACs, + and SHAKE128 and SHAKE256 XOF hashes. The default length for KMAC128 is 32 + bytes and KMAC256 is 64 bytes. The default length for SHAKE128 is 16 bytes + and SHAKE256 is 32 bytes.
-tag string
-tag string
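Review bot: The new default lengths in the -length/-size description (SHAKE128 16 bytes, SHAKE256 32 bytes) are stated without their security consequence. A 16-byte SHAKE128 output gives roughly 64-bit collision resistance and a 32-byte SHAKE256 output roughly 128-bit, half of each function's nominal strength. Suggest adding a sentence telling callers to pass -length 32 for SHAKE128 or -length 64 for SHAKE256 when collision resistance matters. The same paragraph says the option is used by KDFs but gives no KDF default, although the tls::hkdf and tls::scrypt synopses show it as optional; state the default or say the option is required there.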
@@ -352,11 +353,12 @@ key_lengthkey length of a cipher in bytes. iv_lengthIV length of a cipher in bytes or 0 if not used. typeBase type of this cipher or undefined if none. providerProvider of the cipher. OpenSSL 3.0+ only. modeBlock cipher mode or stream for a stream cipher. - flagsFlags associated with the cipher. Includes: Variable Length, AEAD Cipher, Non FIPS Allow, etc. + flagsFlags associated with the cipher. Includes: + Variable Length, AEAD Cipher, Non FIPS Allow, etc.
tls::ciphers ?protocol? ?verbose? ?supported?
Without any args, returns a list of all symmetric ciphers for use with @@ -379,11 +381,12 @@ sizeSize of the digest in bits. block_sizeBlock size of digest in bytes. providerProvider of the digest. OpenSSL 3.0+ only. typeBase type of this digest or undefined if none. pkey_typePkey associated with digest. - flagsFlags associated with the digest. Includes: One-shot, XOF, etc. + flagsFlags associated with the digest. Includes: + One-shot (only one update (no incremental) allowed), XOF (variable length), etc.
tls::kdfs
Returns a list of the available Key Derivation Function (KDF) algorithms. Each item in the list corresponds to a command with the same name.
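Review bot: The added digest flags text "One-shot (only one update (no incremental) allowed)" nests parentheses and is hard to parse. Suggest "One-shot (single update only, no incremental hashing), XOF (variable output length)". Since XOF digests are the ones the new -length option applies to, a pointer to that option from this flag description would help readers connect the two.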
@@ -441,24 +444,26 @@
tls::mac ?-mac? name -cipher name -digest name - -key key ? - -bin|-hex - ?[-chan channelId | -command cmdName | + -key key + ?-bin|-hex? + ?-length|-size length? + [-chan channelId | -command cmdName | -file filename | ?-data? data]
(OpenSSL 3.0+) Calculate the Message Authentication Code (MAC) where key is a shared key and output the result per the I/O options in the specified format. MACs are used to ensure authenticity and the integrity of data. See options for usage info.
tls::md ?-digest? name - ?-bin|-hex - ?[-chan channelId | -command cmdName | + ?-bin|-hex? + ?-length|-size length? + [-chan channelId | -command cmdName | -file filename | ?-data? data]
Calculate the message digest (MD) using hash function name and output the result per the I/O options in the specified format. MDs are used to ensure the integrity of data. See options for usage info.
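Review bot: The tls::mac and tls::md synopses gain "?-length|-size length?", but the two description paragraphs are unchanged and do not say what happens when a length is given for a fixed-output algorithm (a MAC other than KMAC128/KMAC256, or a non-XOF digest): whether the call is rejected, the option is ignored, or the output is truncated. State the behaviour in both descriptions. A silently shortened MAC tag is easier to forge, so callers need to know which of these applies before relying on the option.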
@@ -526,39 +531,39 @@
tls::hkdf -digest digest -key string ?-info string? ?-salt string? - ?-size derived_length?
-
Derive a key of size size using the HMAC-based Extract-and-Expand + ?-length|-size length? +
Derive a key of size length using the HMAC-based Extract-and-Expand Key Derivation Function (HKDF). See options for usage info.
tls::pbkdf2 [-cipher cipher | - -size derived_length] + -length length] -digest digest ?-iterations count? ?-password string? ?-salt string?
Derive a key and initialization vector (iv) from a password and salt value using PKCS5_PBKDF2_HMAC. See options for usage info. If -cipher is specified, then the derived key and iv sized for that cipher are returned as a key-value list. If not or if -size is specified, - then the derived key (DK) of size bytes is returned.
+ then the derived key (DK) of length bytes is returned.
tls::scrypt -password string -salt string ?-N costParameter? ?-r blockSize? ?-p parallelization? - ?-size derived_length?
-
Derive a key of size size using the scrypt password based key derivation function. - See options for usage info. - See RFC 7914 for more details. Can consume a large amount of memory. + ?-length|-size length? +
Derive a key of size length using the scrypt password based key + derivation function. See options for usage + info. See RFC 7914 for more details. Can consume a large amount of memory. RAM used is roughly (128 * N * r * p) bytes. Memory is limited to 1025 MiB. The custom options are:
-NThe CPU/Memory cost parameter must be larger than 1, a power of 2, and less than @@ -601,24 +606,29 @@

GLOSSARY

The following is a list of the terminology used in this package along with brief definitions. For more details, please consult with the OpenSSL documentation.

- + + + + + + + + + + +
AADAdditional Authenticated Data
AEADAuthenticated Encryption with Associated Data
IVInitialization vector
KDFKey Derivation Function
MACMessage Authenticated Code
MDMessage Digest
SHASecure Hash Algorithm
TLSTransport Layer Security
XOFExtendable-Output Function (aka variable length)

EXAMPLES

TBS


-package require http
-package require tls
-
-http::register https 443 [list ::tls::socket -autoservername true -require true -cadir /etc/ssl/certs]
-
-set tok [http::geturl https://www.tcl.tk/]
+TBD
 

SPECIAL CONSIDERATIONS
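Review bot: In the tls::pbkdf2 entry of the @@ -526,39 +531,39 @@ hunk, the synopsis now reads "-length length" while tls::hkdf and tls::scrypt in the same hunk read "?-length|-size length?", and the unchanged description line still says "If not or if -size is specified". Either show both spellings in the pbkdf2 synopsis or change the description to -length so the three KDF entries agree. The hkdf and scrypt descriptions ("Derive a key of size length") also omit the unit, which the options text gives as bytes.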
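Review bot: In the EXAMPLES section of the @@ -601,24 +606,29 @@ hunk, the removed https example is replaced by "TBD" while the context line above it still reads "TBS", leaving two different placeholders in one section. Suggest keeping a single placeholder, or better, a short tls::md or tls::mac example that exercises the new -length option. In the glossary of the same hunk, "MAC Message Authenticated Code" disagrees with the tls::mac description, which uses "Message Authentication Code".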